The identity community at Hyperledger is lucky to see the groundbreaking toolboxes, libraries, and resources grow by leaps and bounds in just a very short time. From Hyperledger Indy, then Hyperledger Ursa, to the new project Hyperledger Aries, widespread adoption of decentralized identity is closer than ever. It was this excitement and optimism for the growing industry of identity products and solutions being born out of this community from which the Self-Sovereign Identity Incubator (SSI Incubator) was launched. By combining the expert mentors from all over the decentralized identity world with some of the most passionate innovators in the identity startup scene today, the Hyperledger identity community is poised to see growth that we’ve all been waiting for.
The SSI Incubator is designed to remove barriers to startup financing and success within the self-sovereign identity (SSI) industry. More than just seed funding and high-profile pitching opportunities, participating startups also receive co-working space, educational workshops, mentorship, and networking events with some of the most influential voices in the decentralized identity community today. The startups in this program are nearing the end of this time-limited and mentor-focused program, with the 12 weeks culminating in a final evening devoted to exploring the future of SSI.
The five startup projects are:
Domi (Berlin): Digital passports for landlords and tenants that would create a fairer rental market.
HearRo (Los Angeles): A blockchain-powered phone system for trusted, effortless communication
MetaDigital Inc (Toronto): An Intelligent Healthcare Platform that would eliminate medical prescription and insurance claim fraud with real-time digital verification.
Spaceman ID Inc (Chicago): Tools for companies to easily implement private, secure, and portable digital credentials.
Xertify (Bogotá, CO): A network where people and institutions can exchange trusted information based on blockchain technology.
“The Hyperledger identity community holds the secret to growing the use and interoperability of SSI. The SSI Incubator has shined a light on the breadth of organizations of all types and sizes that see the value of decentralized identity,” said Heather C. Dahl, CEO & Executive Director of the Sovrin Foundation. “The mix of SSI solutions and startups focused on healthcare, enterprise adoption, the home rental market, telecommunications, and education that joined us from around the world shows the widespread interest and development in self-sovereign identity technologies. This range of diverse solutions is what is driving SSI adoption.”
With three identity-specific projects, Hyperledger is now home to a dynamic and growing community with hundreds of unique contributors and maintainers. The first identity-focused project was Hyperledger Indy, launched in 2018, followed by Hyperledger Ursa later that year. In early 2019, Hyperledger Aries launched to create a shared, reusable, interoperable tool kit for the exchange of verifiable credentials across systems and networks. We’re now thrilled to announce the Hyperledger Aries community will be meeting December 3-5, 2019 in Provo, Utah, for an in-person connectathon.
The goal of this event is to increase communication, interoperability, and support across the many Aries compatible projects. Like the previous, more informal, connectathon held earlier in 2019, this is a community-led event. Some of the focus will be on certain Aries projects currently in development within the community including, but not limited to:
Aries Cloud Agent – Python, developed by the government of British Columbia
Aries Framework DotNet, the Open Source foundation for StreetCred’s mobile app
Mattr Global’s Open Source Mobile Agent (OSMA)
Aries Framework Go, developed by SecureKey
LibVCX based projects, supported by Evernym
The Sovrin Foundation, a leading contributor of Indy, Ursa, and Aries projects, is hosting the Aries Connectathon.
After kicking off with an overview of the key topics at this architecture and design focused event, attendees will focus their work on collaboration across Hyperledger Aries compatible codebases with test suites, tools, and direct interoperable interaction. This includes DID Communication, Verifiable Credential Exchange, DID Exchange, and other protocols targeted for wider adoption. Time spent at this community event will primarily be workshop related, supported with speakers and discussions on relevant topics.
It’s important to note that this is primarily a coding event; however, all contributors, maintainers, and community participants from any project interested in these topics are welcome to attend. Most of the participants at this event will already be active participants in the Hyperledger community and should be ready to hit the ground running. The Aries Connectathon is a great place to roll up your sleeves and get to work!
Hyperledger and Streetcred have already generously offered sponsorship to help cover some of the costs of the three-day event. Many event sponsorships are still available.
Please see the event wiki to register and find out how to get involved.
My name is Zixuan Zeng, a CS student from Zhejiang University. This summer, I was happy to join the Hyperledger Internship Program and had a very fulfilling experience. I was fortunate to work with my mentor Adam Burdett from the Sovrin Foundation on a project focused on building a Raspberry Pi Indy agent on Raspberry Pi. This project’s goal was to develop a Hyperledger Indy agent running on Raspberry Pi, producing a customized Raspbian image that provides easy access to GPIO pins, enabling it to interact with external sensors, LED matrix, etc. With the new Hyperledger Aries project, our implementation was an Aries-cloud-agent (previously indy-catalyst) that can interact with an Indy pool and create more interesting applications. This project also includes an Aries RFC defining the message format for interactions with the Sense-Hat extension board as well as its messaging module implementation.
What I learned:
Open source community work style: Through this summer’s internship, I experienced the working style of open-source development from the Hyperledger community. For example, I opened a GitHub issue and got it resolved.
Blockchain knowledge: In this internship, I got to know more about not only the basic blockchain concept but also its exciting applications in the future. I learned about distributed ledgers, zero-knowledge proofs and decentralized identifiers during this summer. Additionally, I had the opportunity to set up and test blockchains myself.
Programming experience on IoT devices: I also gained hands-on programming experience on Raspberry Pi. Since it has ARM architecture, even compiling the SDK was a tough task for me at first. After many tries and looking up the documents, I finally made it on Raspberry Pi. Using Python to control an external GPIO port was also a fun and new experience for me.
Implementation of a working Hyperledger Indy agent: Working with Aries Cloud Agent, I developed messaging protocols and successfully implemented a working agent. Walking through the architecture of the agent project was really a learning experience for me. I felt very accomplished when I understood the structure of the whole project and developed a sub-module based on that.
What comes next:
The next step for this project could be:
Extend to other IoT devices
Add support for more add-on boards
Add support for more messaging types
After this fulfilling experience, I determined that my plan is to become a software engineer, especially in the blockchain area. I am happy to join the Hyperledger family and hope I can make more contributions to this vibrant community in the future.
Below are some screenshots from my project. To read my full report, go here.
Those who study decentralized or self-sovereign identity technologies quickly run into two important mental models. The Decentralized Identity Foundation promotes the notion of hubs—services that help an identity owner manage data and interact through it. Hyperledger Indy and the Sovrin Foundation talk about agents—pieces of software that hold delegated keys, exchange digital credentials, and otherwise do an identity owner’s bidding.
Overlapping descriptions of hubs and agents have fostered a perception that they’re competing technologies. This is unfortunate, because the truth is quite different. Hubs and agents are actually synergistic, as explored below. Like a drummer and a guitarist, they contribute in vital and complementary ways to the music of identity.
But if we want cryptographic primitives to yield practical benefits, we have to package decentralized identity so it’s easy for a child or a grandparent who thinks of tech in terms of clicks on a cell phone. That’s where hubs and agents come in.
Hubs are the data managers of decentralized identity. Like Dropbox or Google Drive or iCloud, they let you put data into the cloud with confidence that it will be secure, available, and shareable anytime, anywhere. Unlike those familiar services, hub interfaces are vendor- and platform-agnostic. If you migrate from Apple to Android, your data is unaffected. If you close an account with Google, your data survives, because the data is tied to you, not to an email account or a piece of hardware. If a hacker or a malicious sysadmin or the machine learning algorithm of a data miner peers into your storage, they see data encrypted by keys that only you hold.
Agents are the personal assistants of decentralized identity. Remember how Iron Man delegates work to Jarvis? Agents are connected and digitally empowered like Jarvis. They are the mechanism for sophisticated delegation that gets work done—work like giving and retracting consent, buying and selling, scheduling and reminding, auditing, monitoring, proving things with credentials, enacting and fulfilling contracts, issuing receipts, and so forth. They speak bits and bytes, keys and crypto, and protocols and transports, so their masters don’t have to. Unlike Alexa and Siri, they are trustworthy fiduciaries, because they work exclusively for their owners. They don’t stream data about their masters back to a corporate data lake to be analyzed and mined.
Rock music often begins with a percussion groove to set tempo and mood, with the guitar joining a few bars in, as storytelling begins. The opposite sequence is also used, where a guitar or voice leads out, and drums appear later to rev up the energy. Either way, the full power and synergy of a band manifests when each component is actively playing its part.
Similarly, agents and hubs make more powerful music when they work together. Most work that agents need to do is rooted in and informed by data; an agent that has a hub to work with is likely to be far more useful to its master. And data is an asset, but cultivating it for security and usefulness can drown us in details without powerful tools, as anyone who’s cataloged years of cat videos can attest. Having an agent to enact decisions and reference the data in appropriate, automated ways in interactions is a no-brainer.
The straightforward ability to dovetail is part of what differentiates the hub+agent combination from more specialized SSI technologies like Solid, which have a more standalone vision. Solid’s features are similar to hubs. An integration path between it and the identity, credential, and protocol features of agents undoubtedly exists, but is not a design goal.
We expect that the most useful decentralized identities will use both hubs and agents.
How, exactly, are duties divided between hubs and agents?
To answer that question, it’s important to understand that both agents and hubs are intangible software constructs that interact over the network through APIs or messages–and that the DID communication mechanisms they use are common. In other words, they share large amounts of DNA. What separates a hub from an agent is which high-level protocols it is assigned. The division of work is manifest in which messages are sent to which component. This division used to be muddy, but it is now clarifying nicely and should become even crisper. We advocate dialog around remaining questions, and in the meantime, we suggest the rules of thumb that follow.
Hubs and agents focus on different things. Overlap is shrinking.
Hub protocols are data-oriented. They model operations as commits to a data object, or as reads of an object state. Several datatype interfaces can be read, written, or queried in similar ways: Profile, Permissions, Actions, Stores, Collections, and Services. Collections is the most foundational to the hub’s role as a data manager; it is where chunks of data of almost any type can be accessed, both by the data owner and (if the owner wishes) by others. Permissions control access to data. Profile describes the identity owner (think a universal, self-hosted gravatar). Services is the basis of a hub’s extensibility mechanism. Stores and Actions are for advanced use cases that we’ll gloss over in this high-level discussion.
One identity owner may use many hubs. Hubs make the physical topology transparent; to the owner, it just feels like data is always available on whatever device and whatever network is convenient. In keeping with the hub’s focus on data management, hubs are not deeply trusted or deeply informed about their owner’s behavior. They don’t take actions on the owner’s behalf, and they don’t hold keys. However, hubs can relay messages to other components, like agents, for processing. They are superb data managers.
Agents are flow-oriented. Their job is to get work done, and the unit of work management is a protocol. Agents might support protocols for issuing credentials, negotiating payment, or dozens of other personal and business processes. The messages that arrive at agents are routed to a protocol handler that looks up the persisted state of the flow and takes the next step, based on what the message says. Agents do take actions on the owner’s behalf; for example, when Alice digitally signs a lease with her mobile phone, an agent has to do the underlying crypto because Alice can’t handle modular exponentiation in her head, and she can’t speak bits and bytes over Wifi.
A component diagram that shows how hubs and agents deploy and interact in a credential-oriented interaction may help to provide a tangible example:
Hubs and agents work together to connect Alice to other parties on the digital landscape.
Agents should generally defer storage management tasks to hubs. The persisted state that an agent adds to, when taking the next step in an incomplete workflow, should be read from and written to a hub’s sophisticated storage layers–and by viewing messages as data, hubs can add reliable delivery guarantees to route or relay functions that propagate messages to all of Alice’s agents. When Alice wants to share her cat videos with Bob, she should point him to a URI backed by her hub(s). It is possible that some agents will operate without hubs (e.g., IoT devices that emit sensor data but that don’t store much); however, most sophisticated agents will have hub storage available to them.
Hubs should generally defer complex, non-data-management work to agents. When Bob wants to buy a car that Alice is selling, he engages in a buy~sell protocol that begins as Alice receives a message from him. This message arrives at the boundary of Alice’s world at an endpoint she designates. That endpoint might be hosted on a hub, where the message can be persisted and replicated—or it might flow directly to one of Alice’s agents. Either way, it is the agent’s interface that Bob interacts with and that provides interoperable workflow. It is possible that some hubs will operate without agents (e.g., doing nothing complex beyond sharing data); however, most hubs will collaborate with agents nearby.
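The division of duties described above, as an added sketch that is not code from the original article, Aries, or any hub implementation: the hub persists and relays, while the agent routes each message to a protocol handler, loads the flow state from the hub, and takes one step. The class names, the `buy-sell/...` message types, the state table and the sample messages are all hypothetical and constructed for illustration.

```python
# Added illustration: hypothetical names throughout, not an Aries or hub API.

TRANSITIONS = {
    # (persisted flow state, incoming message type) -> next state (seller side)
    (None, "buy-sell/offer"): "offer-received",
    ("offer-received", "buy-sell/payment"): "paid",
}


class Hub:
    """Data manager: stores commits and relays messages. It holds no keys and
    makes no protocol decisions."""

    def __init__(self):
        self.commits = {}   # object id -> list of committed states
        self.agent = None   # agent that inbound messages are relayed to

    def commit(self, object_id, state):
        self.commits.setdefault(object_id, []).append(dict(state))

    def read(self, object_id):
        history = self.commits.get(object_id)
        return dict(history[-1]) if history else None

    def receive(self, message):
        # View the inbound message as data first (persist it), then relay it.
        self.commit("inbox/" + str(message.get("id")), message)
        return self.agent.handle(message)


class Agent:
    """Flow-oriented: routes a message to a protocol handler that looks up the
    persisted flow state in the hub and takes at most one step."""

    def __init__(self, hub):
        self.hub = hub
        self.handlers = {"buy-sell": self.buy_sell}
        hub.agent = self

    def handle(self, message):
        fields = [message.get(k) for k in ("id", "thread", "type")]
        if not all(isinstance(f, str) and f for f in fields):
            return "rejected: malformed message"
        handler = self.handlers.get(message["type"].split("/", 1)[0])
        if handler is None:
            return "rejected: unsupported protocol"
        return handler(message)

    def buy_sell(self, message):
        flow_id = "flows/" + message["thread"]
        flow = self.hub.read(flow_id) or {"state": None, "seen": []}
        # A relay that retries for reliability can deliver the same message
        # twice, so the handler must not advance the flow a second time.
        if message["id"] in flow["seen"]:
            return "ignored: duplicate delivery"
        next_state = TRANSITIONS.get((flow["state"], message["type"]))
        if next_state is None:
            return "rejected: unexpected message for state %r" % flow["state"]
        self.hub.commit(flow_id, {"state": next_state,
                                  "seen": flow["seen"] + [message["id"]]})
        return next_state


def demo():
    """Run constructed messages from Bob through Alice's hub and agent."""
    hub = Hub()
    Agent(hub)
    inbound = [
        {"id": "m1", "thread": "t1", "type": "buy-sell/offer"},
        {"id": "m9", "thread": "t2", "type": "buy-sell/payment"},  # no offer yet
        {"id": "m1", "thread": "t1", "type": "buy-sell/offer"},    # redelivery
        {"id": "m2", "thread": "t1", "type": "buy-sell/payment"},
        {"id": "m3", "thread": "t1", "type": "chat/hello"},        # no handler
    ]
    return [hub.receive(m) for m in inbound], hub


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

The agent keeps no state of its own between messages; a second agent attached to the same hub would resume the `t1` flow from the same committed state.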
Hubs and agents are complementary technologies. Hubs are the data relays and data managers of decentralized identity; agents are the personal assistants. Each solves complex problems for identity owners, and each gets more powerful when paired with the other. We expect flexible and powerful decentralized identities to use both.
After working on the problem of identity online for more years than we care to admit, it is heartening to see that we are not alone: The identity community we’ve longed to see is here, and it’s transforming the world. In the months since Hyperledger Indy graduated to ‘production ready’ active status, we’ve seen an outpouring of digital identity business solutions come to market.
These accomplishments are due, in part, to the growth and maturity of the Hyperledger Indy code; but, equally, they wouldn’t have happened without a collaborative community of dedicated contributors passionate about changing the way identity works online. And their outstanding work is not going unnoticed by the wider technology community: self-sovereign identity (SSI) has gone from “interesting idea” to “this looks promising” to “we need to implement this now.”
The Time for SSI Has Come
Forrester’s recent “Top Recommendations for Your Security Program, 2019,” testifies to this, describing SSI as a “win” for customers and businesses, and urging chief information security officers (CISOs) to “Empower your customers to control their own identities via self-sovereign identity.”
They can do this because exchanging verifiable digital credentials is at the heart of SSI. This ends the need for massive data silos, honeypots, and unsecured data repositories housed at countless corporations and organizations. Instead, anyone can hold secure and verifiable information about themselves, and through Zero-Knowledge Proofs (ZKP), minimize the information they decide to share with others. (ZKPs are an important type of advanced privacy-preserving cryptography now available in the open source community within the recently announced Hyperledger Aries project).
This doesn’t just benefit consumers in terms of information sharing; businesses also get to avoid GDPR and regulatory compliance issues and benefit from much better security. Moreover, we’re finally starting to see the big tech companies come to the realization that the status quo isn’t working when it comes to data collection, and sooner or later, it will affect their bottom line. SSI is the disruptive technology that the industry has been waiting for.
The Indy and Aries communities are driving this disruption in privacy and personal data by designing and building the protocols, technologies, and code that makes SSI possible. But moving beyond the code and building real solutions will require new companies. Like the Web 20 years ago, most of these will be startups who have a vision for this new way of interacting online.
Designed to help organizations and companies learn how to use code from Hyperledger Indy to create verifiable credential exchange products and SSI solutions, this intensive 12-week program based in San Francisco will be a bootcamp for identity entrepreneurs and start-ups. It also gives participating companies $180,000 in investment and the comprehensive hands-on technical support and mentoring they need to realize their business ideas and bring their products to market.
At a point where SSI is reaching critical mass, we want to see the identity community grow bigger and stronger and build the products that take SSI to the masses. As Sovrin Foundation Executive Director and CEO Heather Dahl recently noted at the New Context Conference in Tokyo, an event founded in 2005 by Digital Garage co-founder and Director of MIT Media Lab, Joi Ito, “Self-sovereign identity is the next disruptive innovation; it changes the very nature of how people connect with the companies and services that they rely upon online.”
It’s great to see the SSI Incubator already receiving its first batch of applications, with many from the same Hyperledger community Sovrin first worked with to donate the source code to Hyperledger Indy. These are the same members who we see contributing and maintaining the code repositories for Hyperledger Indy and Aries today.
These products are poised to transform the fundamental way the Internet runs and the way we will use it to the benefit of everyone. With our years of experience and depth of knowledge about digital identity, supporting this community and these projects is not just something interesting for us to do in our spare time. It is our job as leaders in technology and identity to support, educate, and most importantly, fund the projects that will change the future of identity forever.
About the authors
Greg Kidd is the Founding Partner of Hard Yaka, a fund investing in portable identity, payments and marketplaces necessary for digital transformation. He has invested in more than 100 startups, including Twitter, Square and Ripple.
Dr. Phil Windley is chair of the Sovrin Foundation and the co-founder and organizer of the Internet Identity Workshop. He is a passionate technology educator and is the author of the books The Live Web and Digital Identity.
Adds Eight New Members, including Ethereum Foundation, Microsoft, Nornickel and Salesforce, to Open Source Community Building Blockchain for Business
SAN FRANCISCO (June 18, 2019) – Hyperledger, an open source collaborative effort created to advance cross-industry blockchain technologies, today announced a diverse line-up of eight new members, including Ethereum Foundation, Microsoft, Nornickel and Salesforce. Hyperledger also added a new identity infrastructure project that spotlights interoperability, cross project development and broad community involvement.
Hyperledger is a multi-venture, multi-stakeholder effort hosted at the Linux Foundation that includes various enterprise blockchain and distributed ledger technologies. With the recent launch of Hyperledger Aries, there are now a total of 13 projects in the Hyperledger greenhouse. Ongoing efforts to continue fostering community development also drove the introduction of a sixth special interest group (SIG) focused on the supply chain industry as well as the kickoff of the intensive, hands-on 2019 Summer Mentorship program.
“Our new members illustrate the breadth of organizations that see the value of contributing to the Hyperledger community,” said Brian Behlendorf, Executive Director, Hyperledger. “The mix of blue chip technology companies, international organizations, logistics and manufacturing players and academia that have joined us from points around the world shows the widespread interest and investment in open source enterprise blockchain technologies. This broad-based involvement is what drives our expanding portfolio of open source projects, which are fully conceived, developed and advanced by the ever-growing Hyperledger community.”
Hyperledger allows organizations to create solid, industry-specific applications, platforms and hardware systems to support their individual business transactions by offering enterprise-grade, open source distributed ledger frameworks and code bases. The latest general members to join the community are Gloscad, Microsoft, Milligan Partners, Nornickel and Salesforce.
Hyperledger supports an open community that values contributions and participation from various entities. As such, pre-approved non-profits, open source projects and government entities can join Hyperledger at no cost as associate members. Associate members joining this month include China Academy of Information and Communications Technology (CAICT), Ethereum Foundation and GS1 US.
These organizations and our other members will be joining us in Tokyo at the end of July for our annual Member Summit.
“In a world where everything is connected, where transactions and information are instantly delivered and processed around the world, it is now crucial to adapt our rules of conduct – from analysis, preparation, production to consumption,” said Criss Boukoulou, CEO and co-founder of Gloscad. “Our main goal is to provide sustainable solutions to the most basic human needs. Hyperledger offers an opportunity to reinvent the agricultural model by building trust on human level. As a general member, we look forward to contributing to this new ecosystem.”
“Our journey in the blockchain ecosystem has brought us a long way, and now is the time for us to join the Hyperledger community,” said Marley Gray, Principal Architect, Blockchain Engineering at Microsoft. “We are proud of our contributions to such a diverse blockchain ecosystem, from our Azure service offerings and developer toolkits to our leadership in driving open specifications. We look forward to contributing to the community’s projects as well as initiating new ones based on emerging standards.”
“Joining Hyperledger is tremendously valuable to us as we develop blockchain solutions for Mobility as a Service,” said Matt Milligan, Managing Partner at Milligan Partners. “By working in this diverse open source community, we can be more creative and more innovative than we could ever be on our own. We’re thrilled to support and contribute to the Hyperledger community.”
“Hyperledger is our core technology. By joining Hyperledger, we plan to share our expertise and knowledge to improve blockchain technology,” said Sergey Batekhin, Senior Vice President — Sales, Procurement, and Innovation at Nornickel. “Our company has formed a considerable pool of ideas, concepts and initiatives that can be offered to other industry players. By joining the Hyperledger community, we are making our inventions accessible to interested parties around the world.”
“Blockchain is quickly becoming a foundational technology for organizations to deliver a truly connected customer experience,” said Adam Caplan, SVP, Emerging Technology, Salesforce. “Hyperledger has created a great blockchain community that we’re excited to learn from and be a part of.”
Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration including leaders in finance, banking, Internet of Things, supply chains, manufacturing and technology. The Linux Foundation hosts Hyperledger under the foundation. To learn more, visit: https://www.hyperledger.org/.
Identity is commonly cited as one of the most promising use-cases for distributed ledger technology. Initiatives and solutions focused on creating, transmitting and storing verifiable digital credentials will benefit from a shared, reusable, interoperable tool kit. Hyperledger Aries, the newest Hyperledger project (the 13th!), is a shared infrastructure of tools that enables the exchange of blockchain-based data, supports peer-to-peer messaging in various scenarios, and facilitates interoperable interaction between different blockchains and other distributed ledger technologies (DLTs).
Hyperledger Aries intends to:
Provide code for peer-to-peer interaction, secrets management, verifiable information exchange, and secure messaging for different decentralized systems.
Foster practical interoperability in support of ongoing standards work and extend the applicability of technologies developed within Indy beyond its current community components from the Hyperledger stack into a single, effective business solution.
What is Aries?
Hyperledger Aries is infrastructure for blockchain-rooted, peer-to-peer interactions. It’s not a blockchain and it’s not an application.
A blockchain interface layer (known as a resolver) for creating and signing blockchain transactions.
A cryptographic wallet for secure storage (the secure storage tech, not a UI) of cryptographic secrets and other information used to build blockchain clients.
An encrypted messaging system for off-ledger interactions between clients using multiple transport protocols.
An implementation of ZKP-capable W3C verifiable credentials using the ZKP primitives found in Ursa.
An implementation of the Decentralized Key Management System (DKMS) specification currently being incubated in Hyperledger Indy.
A mechanism to build higher-level protocols and API-like use cases based on the secure messaging functionality described earlier.
The generic interface of Aries will initially support the Hyperledger Indy resolver but is flexible enough so that someone could build a pluggable method using other DID method resolvers such as Hyperledger Fabric, Ethereum, or another DID method resolver they wish. These types of resolvers would support the resolving of transactions and other data on other ledgers.
Additionally, Hyperledger Aries will provide features and functionality outside of the scope of the Indy ledger to be planned and fully supported. We have reached out to other groups, including Ethereum-based decentralized identity efforts and others participating at the W3C to contribute to this code base.
With all of these capabilities, the open source community will now be able to build core message families that are necessary to facilitate interoperable interactions across a wide variety of use cases involving blockchain-based identity.
Where did Aries come from?
Hyperledger Aries is related to both Hyperledger Indy, which provides a resolver implementation, and Hyperledger Ursa, which it uses for cryptographic functionality. Aries will consume the cryptographic support provided by Ursa to provide both secure secret management and hardware security modules support.
One of the main purposes of this project is to change the client layers in Hyperledger Indy to be interoperable with other identity projects. Hyperledger Indy has been incubating protocol work for peer interactions between identity owners for some time but as the development community has grown, it has become clear that the scope of that work extends beyond the functionality provided by Indy for support of other systems and networks.
With the main wallet and cryptographic code moving to its own project, it makes sense to move the pieces necessary to support that process with them in order to support a standards-driven approach and avoid cross dependencies between Indy and Aries.
What’s next for Aries?
The ultimate goal of Hyperledger Aries is to provide a dynamic set of capabilities to store and exchange data related to blockchain-based identity. These capabilities will range from the secured, secret storage of data such as private keys, up to the capability of globally accessible data that can be viewed and accessed by anyone. An example of such support is the creation of a secure storage solution similar to the wallet available in Hyperledger Indy today.
Other Aries functionality that would be in scope for a 1.0 project release would be a Decentralized Key Management Solution (DKMS) which would add key recovery, social recovery, and wallet backup and restore functionality. Using DKMS, clients will need a way to interact with one another peer to peer that is currently in development within Hyperledger Indy. Much of this work would be based on the DKMS documents outlined in the Indy-HIPE dkms design folder. This would be capable of storing verifiable credential data, private keys, relationship state data, and functionality that could perform operations with this data without having to extract this data.
We also hope to eventually have a scalable, searchable storage layer which is capable of storing other associated data necessary for identity maintenance. Examples of such data would be pictures, health records, or other personal information.
Who’s Involved?
The Sovrin Foundation has been the primary contributor to this initial initiative along with the team from the Government of British Columbia, but endorsements and possible contributions are in flight from several other organizations. Hyperledger has proven to be a collaborative and open environment for growing the community and has helped attract a variety of contributors. We are excited by the enthusiastic response from like-minded members of the community and look forward to collaborating further.